Brown & Co is committed to protecting and respecting the privacy and security of the personal information of our clients. For the purpose of this policy, we define a client to include customers of Brown & Co (regardless of whether we charge any fee), applicants, enquirers, prospective customers, employees, or other related professional advisers. This privacy notice aims to give you information on how Brown & Co collects, processes and retains your personal data and how we comply with the Data Protection Act 2018 and the retained EU General Data Protection Regulation 2016/679. We may need to update this notice from time to time.
Our contact details
Brown & Co – Property and Business Consultants LLP is the data controller responsible for your personal data. If you have a cause for concern or a general enquiry, please contact: Data Protection Manager, Brown & Co – Property and Business Consultants LLP, The Atrium, St George’s Street, Norwich, Norfolk, NR3 1AB; telephone 01603 629871 or e-mail firstname.lastname@example.org.
The type of personal information we collect
- Brown & Co collect and process and following information:
Personal identification information such as names, addresses, e-mail addresses and telephone numbers Telephone conversations such as a recording of the call and your telephone number
- Video conferences and conversations such as a video recording of the video conference and your e-mail address
- Your contact history
- Your transaction history
- Where required by law, copies of photographic identification or other forms of identification showing your full name, place of residence, etc.
- Where required to transact with you, your bank details or credit or debit card details or financial details
- Where required to transact with you, proof of your nationality or immigration status
- Credit reference agency information
- CCTV imagery
- Any relevant access requirements you may have
- Your marketing preferences and responses to surveys, polls or promotions
How we get the personal information and why we have it
The majority of the information we collect, process and retain is provided to us directly by our clients, for one of the following reasons:
- Where we need to perform the services under the contract that we have entered into, either with you or with a third party
- Where we need to comply with a legal obligation
- Where it is necessary for our legitimate interests (or those of a third party), provided your interest and fundamental rights do not override those interests
- To assist in monitoring the quality of, or improving, our services
- For the purposes of employment, engagement or subcontracting
- To investigate or resolve a complaint
- To prevent fraud
We may have to share your data with third parties, including other professional advisers (such as accountants or lawyers), selected third party service providers and suppliers (such as credit reference agencies, software companies, online portals, search engines, marketing agents or subcontractors) and other related entities. We require any third parties to respect the security of your data to the same standards that we have, and to treat it in accordance with the applicable laws. Furthermore, we only share your data with those third parties for the necessary performance of any contract we enter into with you and provided that we have a contract in place that requires your information to be kept securely and to only be used in accordance with applicable data protection law.
The lawful bases on which we rely for processing this information are:
- You are deemed to have consented
- We have a contractual obligation
- We have a legal obligation
- We have a legitimate interest
If you cannot agree with this policy or fail to provide any relevant information when asked, we may not be able to perform our services for you and may have to cancel the services you have requested of us. We will notify you if this is the case.
How we store your personal information
Your information is stored in our offices or on our secure servers and on servers managed by third parties as per the above. Unfortunately, the transmission of information via the internet is not completely secure and so although we will do our best to protect your personal data, we cannot guarantee the security of data transmitted to our website or via e-mail to us. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Given that Brown & Co operate worldwide, we may need to transfer the personal information we collect about you outside the UK, without your explicit permission, but we ensure that this data is held to the same standards as dictated by UK legislation.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business interest. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, insurance or reporting requirements. To comply with the law and to ensure we have the necessary information required in order to resolve future issues that might arise, we retain all personal data for the duration of any applicable contract or service plus an additional seven years. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. After this time, we dispose of or destroy your information securely. In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Your data protection rights
Under data protection law, you have rights including:
Your right of access
You have the right to ask us for copies of your personal information.
Your right to rectification
You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure
You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing
You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing
You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability
You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. However, we charge a reasonable fee if your request for information is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
Please contact us if you wish to make a request.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at the details given above. You can also contact the Information Commissioner’s Office if you are unhappy with how we have used your data. Their address is:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; telephone 0303 123 1113 or visit www.ico.org.uk.